Installation and Configuration of Salt with Docker in GNS3

Disclaimer: – I am not an expert in Saltstack. I have been spending some good time to understand and unwrap bits of it primarily focused on Network Automation use-cases. This note was written by me (Gaurav Agrawal) in my personal capacity. The opinions expressed in this article are solely my own and do not reflect the view of my employer or my preference towards any of the OEMs.

This blog
would demonstrate our first step to start Network Automation using salt. At the
end of this section – one would be familiar on “how to start a basic salt
environment”.

Below topics will be discussed in this section.

Crafting “Salt-Master” & “Salt-Minion” docker container.

GNS3 topology preparation

Master Configuration

Minion Configuration

Proxy configuration

Verification

Crafting Docker image for Salt-master and Salt-minion

I am sure – you must be thinking why do I need to build a docker container? – Well, we will demonstrate this lab in GNS3 & by default required containers are not available on GNS3 website marketplace. Hence, we need to create one to fulfill following objective i.e. “Faster, Scalable, efficient”

Changes made within an “Ubuntu Hosts” are not persistent if GNS3 application is reloaded. Hence, every time we must install “salt-master” and “salt-minion” and other respective dependencies. Therefore, it would be a good idea to create an image which will have all its dependencies installed as soon as we create a container.

Traditional methodology is not scalable i.e. imagine a situation if we got a requirement to import 3,5,10…so on containers in one project. Adding the same dependency at each container would be an inefficient use of resources and time-consuming process.

Hence, we decided to build a docker container for “Salt-Master” and “Salt-Minion”.

The only prerequisite for this is to have GNS3 VM installed & running in our local machine. Post-installation it would look like this.

Click on “OK” and select “shell” using UP/DOWN arrow key. This will bring to “GNS3 VM” shell.

Enter “pwd” to determine the present working directory

Enter “sudo su –“ to login as “root” user.

Navigate to the above working directory – In our case i.e. /home/gns3

Ensure that you have internet access to GNS3 VM. Try “ping google.com”. If not, please check VM network adapter settings and add the appropriate “NAT” adapter to the VM.

Importing these custom build containers to GNS3

3. Select the appropriate build i.e. “mrcissp-master:latest” for Master & “mrcissp-minion:latest” for Minion from the drop down menu.

4. Click on Next. 5. Repeat this for the Minion Build. This is how the application window looks like

6. Click on “Apply”

Creating First GNS3 topology

To start our first project with Salt :- below GNS3 topology have been considered for demonstration.

Note: By default the changes made to the docker container files will not be persistent to GNS3 if it reloads. Hence, to maintain persistency below configuration change would be require in our Hosts i.e. “mrcissp-master-1” and “mrcissp-minion-1“.

Right click on mrcissp-master-1/mrcissp-minion-1, select “configure”

From the available tab select “Advanced” and add the below mentioned directory.

Salt Master Configuration

The Salt system is amazingly simple and easy to configure, the two components of the Salt system each have a respective configuration file. The salt-master is configured via the master configuration file i.e. /etc/salt/masterIdentify the Salt-Master IP address. i.e. 192.168.100.2

Execute “nano /etc/salt/master” & add the IP address to which salt-master will be listening to.

# How often, in seconds, to send keepalives after the first one. Default -1 to
# use OS defaults, typically 75 seconds on Linux, see
# /proc/sys/net/ipv4/tcp_keepalive_intvl.
#tcp_keepalive_intvl: -1
interface: 192.168.100.2

Start salt-master using command “salt-master -d” – where “-d” denotes to run this command in background on “shell terminal”. Also, execute “salt-key” command to verify if Master can hear any minion. Since, we don’t have any minion running as of now. Hence, we don’t see any minion key coming to this Master for authentication.

Start salt-minion using command “salt-minion -d” – where “-d” denotes to run this command in background on “shell terminal”.

root@mrcissp-minion-1:/# salt-minion -d
/usr/local/lib/python2.7/dist-packages/salt/scripts.py:198: DeprecationWarning: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. Salt will drop support for Python 2.7 in the Sodium release or later.
root@mrcissp-minion-1:/#

Execute “salt-key” command to verify if Master can hear any minion now. As we can see – Minion with minion ID “mrcissp-minion-1” is seen at master but it’s keys are not accepted by Master.